I'm trying to retrieve information about members of an active directory group using dsget. The command retrieves some but not all members (53 of 141). The problem group contains a child group. The same command syntax with other groups not having a child group is successful. Docs for dsget make it clear quering sub groups is expected to work.
dsget group "CN=MyGroup,OU=Users and Groups,DC=example,DC=ca" -members -expand -c | dsget user -samid -display
dsget failed:CN=SomeChildGroup,OU=Users and Groups,DC=example,DC=ca:The object class of the target does not match the one specified on the command line.
type dsget /? for help. samid display
dandithe Danny.Dithers
adamaca Adam.Abacus
sarahso Sarah.Soother
colcust Colin.Custard
This is run on a client workstation (win7) from a user account that does not have any domain admin privileges. Adding or removing the -expand parameter for recursively querying sub-groups seems to have no effect. Neither does -c for continue on error.
Any idea what is wrong and how to work around it? Please keep in mind I have no domain privileges.
I discovered that I was putting the
-con the wrong side of the pipe. Or perhaps it should be on both sides. In any case adding it to the right works:There is still an error, because the child group isn't a user, but it passes over that and keeps going.
Solution found thanks to Richard Parmiter.
The problem is that some of the objects coming from the
dsget groupare, in fact, groups, yet you are passing them all todsget user.The simple way to get around this is to send the results of the first command to a file, edit out the group entries and feed the result to the second command.